Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uber-jar contains .env file when built after running quarkusDev (Gradle) #21024

Closed
Foobartender opened this issue Oct 27, 2021 · 1 comment · Fixed by #21029
Closed

Uber-jar contains .env file when built after running quarkusDev (Gradle) #21024

Foobartender opened this issue Oct 27, 2021 · 1 comment · Fixed by #21029
Assignees
@geoand
Labels
area/gradle Gradle area/kotlin kind/bug Something isn't working
Milestone
2.4.1.Final

Comments

@Foobartender
Copy link
Contributor

Describe the bug

When running quarkusDev, .env is copied to build/classes/java/main/ (or build/classes/kotlin/main/). If quarkusBuild is executed afterwards without running "clean" before, an uber-jar will contain that file.

Expected behavior

Uber-jar should not contain .env file.

Actual behavior

It does.

How to Reproduce?

  • Go to code.quarkus.io
  • Select Gradle as build tool.
  • Click "Generate your application" and download the zip.
  • Run the following commands:
unzip path/to/code-with-quarkus.zip 
cd code-with-quarkus/
touch .env
./gradlew quarkusDev
# Terminate quarkusDev
./gradlew -Dquarkus.package.type=uber-jar quarkusBuild
unzip -l build/code-with-quarkus-1.0.0-SNAPSHOT-runner.jar | grep env

Output of uname -a or ver

Linux ***** 5.14.14-arch1-1 #1 SMP PREEMPT Wed, 20 Oct 2021 21:35:18 +0000 x86_64 GNU/Linux

Output of java -version

openjdk version "11.0.13" 2021-10-19 OpenJDK Runtime Environment GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05) OpenJDK 64-Bit Server VM GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05, mixed mode, sharing)

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.3.1.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Gradle 7.2

Additional information

This might leak potentially sensitive information like credentials used during development.
@Foobartender Foobartender added the kind/bug Something isn't working label Oct 27, 2021
@quarkus-bot
Copy link

quarkus-bot bot commented Oct 27, 2021

/cc @evanchooly, @glefloch, @quarkusio/devtools

@geoand geoand self-assigned this Oct 27, 2021
geoand added a commit to geoand/quarkus that referenced this issue Oct 27, 2021
@geoand
Ensure that .env file does not end up in the prod artifact
bfaca4d 
Fixes: quarkusio#21024
@geoand geoand mentioned this issue Oct 27, 2021
Merged
geoand added a commit to geoand/quarkus that referenced this issue Oct 27, 2021
@geoand
Ensure that .env file does not end up in the prod artifact
caa8184 
Fixes: quarkusio#21024
@snowdrop-bot snowdrop-bot mentioned this issue Oct 27, 2021
Closed
geoand added a commit to geoand/quarkus that referenced this issue Oct 27, 2021
@geoand
Ensure that .env file does not end up in the prod artifact
4d0fe3b 
Fixes: quarkusio#21024
aloubyansky added a commit that referenced this issue Oct 27, 2021
@aloubyansky
Merge pull request #21029 from geoand/#21024
fc602d1 
Ensure that .env file does not end up in the prod artifact
@quarkus-bot quarkus-bot bot added this to the 2.5 - main milestone Oct 27, 2021
@gsmet gsmet modified the milestones: 2.5 - main, 2.4.1.Final Nov 2, 2021
gsmet pushed a commit to gsmet/quarkus that referenced this issue Nov 2, 2021
@geoand @gsmet
Ensure that .env file does not end up in the prod artifact
1bdb31d 
Fixes: quarkusio#21024
(cherry picked from commit 4d0fe3b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@geoand geoand

Labels
area/gradle Gradle area/kotlin kind/bug Something isn't working
Projects
None yet
Milestone
2.4.1.Final
Development

Successfully merging a pull request may close this issue.

Ensure that .env file does not end up in the prod artifact geoand/quarkus
3 participants
@gsmet @geoand @Foobartender